Hi, has anyone ever encountered that the PATCH method via XHR (AJAX requests) was blocked by a firewall?
Basically, we had a situation where the client complained that he could not update the material in our application. We tested it everywhere in the world in which he worked (we connected several places via VPN )
Then they provided us with a remote desktop (the latest version of Windows, the latest chrome), so we tried it for ourselves from our network, and they were right. All PATCH methods through AJAX calls ended with 405, but all PUT POST DELETE GET methods were fine. We tried to track these PATCH requests in Nginx applications and logs, but it seems they never got to our server. Thus, the conclusion is that their firewall is later for the request to leave the building.
normal:
| Laptop PATCH -> Clients Firewal -> Load Balancer -> Nginx proxy -> Rails app (200 response) |
this case of firewall:
| Laptop PATCH -> Clients Firewal (405 response) |
Due to the lack of time to learn this, we simply changed some of these problematic endpoints from PATCH to PUT, and it worked!
my only explanation is that since PATCH is part of another (later introduced) RFC, their firewall should be very old and not register PATCH as a valid method. Their system administrator has no idea why this might be. But one key is that the EdTech application and clients are Schools => they may not necessarily have the latest technology in their network stack. Nanny software may also be specified.
cross reference to Reddit discussion on the same issue: https://www.reddit.com/r/rest/comments/5gkvba/patch_blocked_by_firewall/
source share